[Nix-dev] NixOps - secret/credentials management
Peter Simons
simons at nospf.cryp.to
Thu May 12 10:47:55 CEST 2016
Hi Oliver,
> One option is to introduce these credentials as parameters to your network
> evaluation:
>
> { secretCertificate }:
> {
> web = { ... } : ...
> }
>
> Then you will need to set this parameter when you do deployments in order to
> evaluate the network expression and perform deployments.
I am sorry if I'm missing something terribly obvious, but I wonder how
that helps getting the secret onto the deployed machines without having
it added to the Nix store? You cannot say something to the effect of
"store that information in /etc/my-secret" without going through a Nix
derivation somewhere, can you?
Best regards,
Peter
More information about the nix-dev
mailing list